#####################################################################################################################
# Gold Standard Log Format Results: 3473 characters; 128 characters used for CSV/text qualifiers
#####################################################################################################################
<131>Jun  4 22:47:14 wafhostname.localhost.com ASM:"2023-06-04 22:47:14"~,~"153.31.42.75"~,~"N/A"~,~"US"~,~"Unknown"~,~"wafhostname.localhost.com"~,~"/Common/WAFLogic"~,~"0"~,~"blocked"~,~"GET"~,~"/"~,~"%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest5)%3C/script%3E"~,~"N/A"~,~"N/A"~,~"not_received"~,~"Attack signature detected"~,~"N/A"~,~"5"~,~"Error"~,~"Cross Site Scripting (XSS)"~,~"N/A"~,~"200001475,200000098,200001088,200101609"~,~"XSS script tag end (Parameter) (2),XSS script tag (Parameter),alert() (Parameter)..."~,~"~,~"~,~"N/A"~,~"N/A"~,~"<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>13d20109202d8a-c63b5fa8b0000040</block><alarm>5cf7f3ffbdffbffb-ffff5f28b0000040</alarm><learn>5cf3f1ffffffbffb-fdfc000830000000</learn><staging>0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>PHNjcmlwdD5hbGVydCh0Y3BiYXNpY2Zvcm1hdHNwbHVua2xvZ3Rlc3Q1KTwvc2NyaXB0Pg==</name><value></value><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>1</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>0</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200001088</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>8</offset><length>6</length></kw_data></sig_data><sig_data><sig_id>200101609</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>0</offset><length>52</length></kw_data></sig_data></violation></request-violations></BAD_MSG>"~,~"GET /?%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest5)%3C/script%3E HTTP/1.1\r\nHost: waflogic.com\r\nConnection: keep-alive\r\nsec-ch-ua: "Microsoft Edge";v="113", "Chromium";v="113", "Not-A.Brand";v="24"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.57\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nCookie: TS010642dc=015f51e63e3132bb0e2b553d7f7d44aa8a2ed81bc195c5c5ad2123b00146c2e708261c471d012e475d69ea1990bde4ac10e0a1fe7ed29f9cf12c8f2af9f74ddc61a5f316a8; TS010f2001=015f51e63e8fed5c783a5797f910f76c5a7c26613fcfaa1c9aac91aaf2eb10256c05eaf9eb0ebea75dc9d4950207ebda9c764613a5a5ee262d756645613987b514bc8e429f; TS7c30a0e9027=080450cf87ab20004c494b38d8cc1208274fcdccad63517ee1095b5ad5ac0c544fec999b2b836142081a9c91a9113000b8f8d00717588e50df6e1a02076df59b6a88982ebb846cc438aea1149d3f8b089bd993c7eceb81651e4a4f96fde51dd3\r\n\r\n"~,~"Request was blocked"~,~"~,~"4157405326074712251"

#####################################################################################################################
# Standard Key Value Pair W/ Custom Fields: 3831 characters (358 extra characters); 463 characters used on key names and text qualifiers (335 extra characters)
#####################################################################################################################
date_time="<131>Jun  4 22:47:14 wafhostname.localhost.com ASM:"2023-06-04 22:47:14"",ip_client="153.31.42.75",x_forwarded_for_header_value="N/A",geo_location="US",client_type="Unknown",unit_hostname="wafhostname.localhost.com",policy_name="/Common/WAFLogic",response_code="0",request_status="blocked",method="GET",uri="/",query_string="%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest5)%3C/script%3E",username="N/A",login_result="N/A",captcha_result="not_received",violations="Attack signature detected",sub_violations="N/A",violation_rating="5",severity="Error",attack_type="Cross Site Scripting (XSS)",blocking_exception_reason="N/A",sig_ids="200001475,200000098,200001088,200101609",sig_names="XSS script tag end (Parameter) (2),XSS script tag (Parameter),alert() (Parameter)...",staged_sig_ids="",staged_sig_names="",websocket_direction="N/A",websocket_message_type="N/A",violation_details="<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>13d20109202d8a-c63b5fa8b0000040</block><alarm>5cf7f3ffbdffbffb-ffff5f28b0000040</alarm><learn>5cf3f1ffffffbffb-fdfc000830000000</learn><staging>0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>PHNjcmlwdD5hbGVydCh0Y3BiYXNpY2Zvcm1hdHNwbHVua2xvZ3Rlc3Q1KTwvc2NyaXB0Pg==</name><value></value><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>1</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>0</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200001088</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>8</offset><length>6</length></kw_data></sig_data><sig_data><sig_id>200101609</sig_id><blocking_mask>7</blocking_mask><kw_data><buffer>PHNjcmlwdD5hbGVydChUQ1BCYXNpY0Zvcm1hdFNwbHVua0xvZ1Rlc3Q1KTwvc2NyaXB0Pj0=</buffer><offset>0</offset><length>52</length></kw_data></sig_data></violation></request-violations></BAD_MSG>",request="GET /?%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest5)%3C/script%3E HTTP/1.1\r\nHost: waflogic.com\r\nConnection: keep-alive\r\nsec-ch-ua: "Microsoft Edge";v="113", "Chromium";v="113", "Not-A.Brand";v="24"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.57\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\nCookie: TS010642dc=015f51e63e3132bb0e2b553d7f7d44aa8a2ed81bc195c5c5ad2123b00146c2e708261c471d012e475d69ea1990bde4ac10e0a1fe7ed29f9cf12c8f2af9f74ddc61a5f316a8; TS010f2001=015f51e63e8fed5c783a5797f910f76c5a7c26613fcfaa1c9aac91aaf2eb10256c05eaf9eb0ebea75dc9d4950207ebda9c764613a5a5ee262d756645613987b514bc8e429f; TS7c30a0e9027=080450cf87ab20004c494b38d8cc1208274fcdccad63517ee1095b5ad5ac0c544fec999b2b836142081a9c91a9113000b8f8d00717588e50df6e1a02076df59b6a88982ebb846cc438aea1149d3f8b089bd993c7eceb81651e4a4f96fde51dd3\r\n\r\n",response="Request was blocked",is_truncated="",support_id="4157405326074712251"

#####################################################################################################################
# Standard Format using TCP w/ 2K Limit: 2090 characters 844 characters used for key names and text qualifiers
#####################################################################################################################
<131>Jun  4 22:43:57 wafhostname.localhost.com ASM:unit_hostname="wafhostname.localhost.com",management_ip_address="192.168.1.1",management_ip_address_2="N/A",http_class_name="/Common/WAFLogic",web_application_name="/Common/WAFLogic",policy_name="/Common/WAFLogic",policy_apply_date="2023-06-04 20:48:40",violations="Attack signature detected",support_id="4157405326074711470",request_status="blocked",response_code="0",ip_client="153.31.42.75",route_domain="0",method="GET",protocol="HTTPS",query_string="%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest4)%3C/script%3E",x_forwarded_for_header_value="N/A",sig_ids="200001475,200000098,200001088,200101609",sig_names="XSS script tag end (Parameter) (2),XSS script tag (Parameter),alert() (Parameter)...",date_time="2023-06-04 22:43:57",severity="Error",attack_type="Cross Site Scripting (XSS)",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="91fa9bb91162befe",src_port="60036",dest_port="443",dest_ip="63.226.21.50",sub_violations="N/A",virus_name="N/A",violation_rating="5",websocket_direction="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="",staged_sig_names="",threat_campaign_names="N/A",staged_threat_campaign_names="N/A",blocking_exception_reason="N/A",captcha_result="not_received",microservice="N/A",tap_event_id="N/A",tap_vid="N/A",vs_name="/Common/vip-ProjectBAIU-443",sig_cves="N/A",staged_sig_cves="N/A",uri="/",fragment="",request="GET /?%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest4)%3C/script%3E HTTP/1.1\r\nHost: waflogic.com\r\nConnection: keep-alive\r\nsec-ch-ua: %22Microsoft Edge%22;v=%22113%22, %22Chromium%22;v=%22113%22, %22Not-A.Brand%22;v=%2224%22\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: %22Windows%22\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.57\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch

#####################################################################################################################
# Standard Format trimmed to UDP 1K Limit
#####################################################################################################################
<131>Jun  4 22:43:57 wafhostname.localhost.com ASM:unit_hostname="wafhostname.localhost.com",management_ip_address="192.168.69.5",management_ip_address_2="N/A",http_class_name="/Common/WAFLogic",web_application_name="/Common/WAFLogic",policy_name="/Common/WAFLogic",policy_apply_date="2023-06-04 20:48:40",violations="Attack signature detected",support_id="4157405326074711470",request_status="blocked",response_code="0",ip_client="153.31.42.75",route_domain="0",method="GET",protocol="HTTPS",query_string="%3Cscript%3Ealert(TCPBasicFormatSplunkLogTest4)%3C/script%3E",x_forwarded_for_header_value="N/A",sig_ids="200001475,200000098,200001088,200101609",sig_names="XSS script tag end (Parameter) (2),XSS script tag (Parameter),alert() (Parameter)...",date_time="2023-06-04 22:43:57",severity="Error",attack_type="Cross Site Scripting (XSS)",geo_location="US",ip_address_intelligence="N/A",username="N/A",session_id="91fa9bb91162befe",src_port="60036",dest_port="443",dest_ip="63.226.21.50",sub_violations="N/A",virus_name="N/A",violation_ra