pC_mcafeewgkvhttpsessionsuccessmwgaccess3.md
April 15, 2026 ยท View on GitHub
Parser Content
{
Name = "mcafee-wg-kv-http-session-success-mwgaccess3"
Vendor = McAfee
Product = McAfee Web Gateway
ParserVersion = "v1.0.0"
TimeFormat = "dd/MMM/yyyy:HH:mm:ss Z"
Conditions = ["""mwg: [""" ]
Fields = [
"""\s+({host}[^\s]+)\s+mwg:""",
"""mwg:\s+\[({time}[^\]]+)\]""",
"""mwg:\s+\[.+?\]\s+",?(?:|({email_address}([A-Za-z0-9]+[!#$%&'+\/=?^_`~.-])*[A-Za-z0-9]+@[^\]\s"\\,\|]+\.[^\]\s"\\,\|]+)|({user}[\w\.\-\!\#\^\~]{1,40}\$?))"""",
"""mwg:\s+\[.+?\]\s+".*?"\s+({src_ip}((([0-9a-fA-F.]{0,4}):{1,2}){1,7}([0-9a-fA-F]){0,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4}))(:({src_port}\d+))?""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+({http_response_code}\d+)""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+"({method}[^\s]+)""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+"\w+\s+(({protocol}\w+):\/+)?""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+"\w+\s+({url}(\w+:\/+)?({web_domain}[^\/:]+)[^\s"]+)""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+"\w+\s+(\w+:\/+)?[^\/:]*:({dest_port}\d+)""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+"\w+\s+(\w+:\/+)?[^\/:]+(:\d+)?({uri_path}\/.*?)(\?|\s+[^\s]+")""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+"\w+\s+(\w+:\/+)?[^\/:]+(:\d+)?\/[^?]+({uri_query}\?.*?)\s+[^\s]+"""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+".*?"\s+"(\s*|({category}[^,"]+))"""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+(".*?"\s+){3}"(?:|({mime}[^"]+))"""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+(".*?"\s+){4}({bytes_in}\d+)""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+(".*?"\s+){4}\d+\s+({bytes_out}\d+)""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+(".*?"\s+){4}(\d+\s+){2}"(?:|({user_agent}[^"]+))"""",
"""mwg:\s+\[.+?\]\s+".*?"\s+[^\s]+\s+\d+\s+(".*?"\s+){4}(\d+\s+){2}(".*?"\s+){4}({dest_ip}((([0-9a-fA-F.]{0,4}):{1,2}){1,7}([0-9a-fA-F]){0,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4}))(:({dest_port}\d+))?""",
]
}