RRAS日志的未标识布局

Question

我偶然发现了一个未知的布局，没有头，NPS日志解释器和国际会计准则日志查看器似乎都无法理解。我的Google-fu已经花光了，而且我没有找到任何关于它的文档。

台词是这样的：

server, "RAS", date, time, packet type?, username (sometimes has domain), username (always has domain), ip, ip, , ip, server, ip, numbers, ip, server, random number?, , 5, , 1, 2, 4/5, string, 0/68, string, empty/60, empty/1800, string, 1/2, , random number?, random number?, port?, empty/3, random/empty, random/empty, random/empty, empty/1, port?, empty/1, , emtpy/1, empty/1, ip, ip, , , , , , , string, 311, , hex string, number, number, policy?, 1, , , , hostname?, string

我觉得我以前偶然发现过这个，但到目前为止，我已经找到了3种不同的处理RRAS日志的布局，而这些都不适合这些线路。

Answer 1

挖掘并找到一个旧的logstash文件与布局！

"ComputerName","ServiceName","RecordDate","RecordTime","PacketType","UserName","FQDN","CalledStationID","CallingStationID","CallbackNumber","FramedIPAddress","NASIdentifier","NASIPAddress","NASPort","ClientVendor","ClientIPAddress","ClientFriendlyName","EventTimestamp","PortLimit","NASPortType","ConnectInfo","FramedProtocol","ServiceType","AuthenticationType","PolicyName","ReasonCode","Class","SessionTimeout","IdleTimeout","TerminationAction","EAPFriendlyName","AcctStatusType","AcctDelayTime","AcctInputOctets","AcctOutputOctets","AcctSessionID","AcctAuthentic","AcctSessionTime","AcctInputPackets","AcctOutputPackets","AcctTerminateCause","AcctMultiSsnID","AcctLinkCount","AcctInterimInterval","TunnelType","TunnelMediumType","TunnelClientEndpt","TunnelServerEndpt","AcctTunnelConn","TunnelPvtGroupID","TunnelAssigntmentID","TunnelPreference","MSAcctAuthType","MSAcctEAPType","MSRASVersion","MSRASVendor","MSCHAPError","MSCHAPDomain","MSMPPEEncryptionTypes","MSMPPEEncryptionPolicy","ProxyPolicyName","ProviderType","ProviderName","RemoteServerAddress","MSRASClientName","MSRASClientVersion" 

但如果有人能找到解释这件事的消息来源，我会非常感激的！