Update JuniperSRX.txt

Azure · Aug 31, 2023 · b4f1c74 · b4f1c74
1 parent 04e66ed
commit b4f1c74
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/Solutions/Juniper SRX/Parsers/JuniperSRX.txt b/Solutions/Juniper SRX/Parsers/JuniperSRX.txt
@@ -100,10 +100,12 @@ let FlowNotDenyEvents = FlowEvents
          Substring = tostring(Parser[12])
 | extend Parser2 = extract_all(@"(0x0/s)?([\S]+)\s([\S]+)\s([\S]+)\s([\S]+)\s(\d+)\s([\S]+)\s([\S]+)\s([\S]+)\s(\d+)",dynamic([1,2,3,4,5,6,7,8,9,10]), Substring)
 | mvexpand Parser2
-| extend ProtocolId = toint(Parser2[5]),
+| extend SrcNatRuleName = tostring(Parser2[2]),
+         DstNatRuleName = tostring(Parser2[4]),
+         ProtocolId = toint(Parser2[5]),
          PolicyName = tostring(Parser2[6]),
-         SrcNatRuleName = tostring(Parser2[7]),
-         DstNatRuleName = tostring(Parser2[8]),
+         SourceZoneName = tostring(Parser2[7]),
+         DestinationZoneName = tostring(Parser2[8]),
          SessionId = toint(Parser2[9])
 | project-away Parser, Parser2, Substring;
 let AllOtherEvents = LogHeader