Sure! Here are 2 example syslog entries. Note the date/time at the beginning, the URL:, and the User: sections. I did choose 'Extract Fields' and it appeared to be able to single out the 3 fields that I was most concerned with. I just don't know how to make a simple report from those 3 fields. I appreciate your responses, satishsdange!
2015-03-17 00:00:15 Syslog.Alert 10.24.100.2 Mar 16 13:50:46 SET-ASASFR SFIMS: [Primary Detection Engine (3fb65e80-3ea7-11e4-ae31-d6323923abe1)][Default Access Control] Connection Type: End, User: mav2, Client: SSL client, Application Protocol: HTTPS, Web App: MS Office 365, Access Control Rule Name: LogWebTraffic, Access Control Rule Action: Allow, Access Control Rule Reasons: Unknown, URL Category: Internet Portals, URL Reputation: High risk, URL: https://nexus.officeapps.live.com, Interface Ingress: Inside, Interface Egress: Outside, Security Zone Ingress: N/A, Security Zone Egress: N/A, Security Intelligence Matching IP: None, Security Intelligence Category: None, Client Version: (null), Number of File Events: 0, Number of IPS Events: 0, TCP Flags: 0x0, NetBIOS Domain: (null), Initiator Packets: 8, Responder Packets: 9, Initiator Bytes: 1434, Responder Bytes: 6780, Context: unknown {TCP} 10.24.100.78:55118 -> 167.73.254.109:443
2015-03-17 00:01:25 Syslog.Alert 10.24.100.2 Mar 16 13:50:47 SET-ASASFR SFIMS: [Primary Detection Engine (3fb65e80-3ea7-11e4-ae31-d6323923abe1)][Default Access Control] Connection Type: End, User: rad2, Client: Microsoft CryptoAPI, Application Protocol: HTTP, Web App: Microsoft, Access Control Rule Name: LogWebTraffic, Access Control Rule Action: Allow, Access Control Rule Reasons: Unknown, URL Category: Business and Economy, URL Reputation: High risk, URL: http://crl.microsoft.com/pki/crl/products/tspca.crl, Interface Ingress: Inside, Interface Egress: Outside, Security Zone Ingress: N/A, Security Zone Egress: N/A, Security Intelligence Matching IP: None, Security Intelligence Category: None, Client Version: 6.1, Number of File Events: 0, Number of IPS Events: 0, TCP Flags: 0x0, NetBIOS Domain: (null), Initiator Packets: 17, Responder Packets: 9, Initiator Bytes: 2799, Responder Bytes: 2083, Context: unknown {TCP} 10.24.100.91:62157 -> 74.73.232.50:80
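One way to turn entries in this format into a time/user/URL report, as an added example that is not part of the original post. The function names are hypothetical, the sample lines are adapted from the two entries above, and the third and fourth sample lines are constructed to show a URL containing a comma and a non-matching message.

```python
import re
from collections import Counter

# Sample input: adapted from the two entries in the post (fewer fields), plus two
# constructed lines: one whose URL contains a comma, one unrelated message.
PREFIX = ("Syslog.Alert 10.24.100.2 Mar 16 13:50:46 SET-ASASFR SFIMS: "
          "[Primary Detection Engine (3fb65e80-3ea7-11e4-ae31-d6323923abe1)]"
          "[Default Access Control] Connection Type: End, ")
SAMPLE = [
    "2015-03-17 00:00:15 " + PREFIX + "User: mav2, Client: SSL client, "
    "URL Reputation: High risk, URL: https://nexus.officeapps.live.com, "
    "Context: unknown {TCP} 10.24.100.78:55118 -> 167.73.254.109:443",
    "2015-03-17 00:01:25 " + PREFIX + "User: rad2, Client: Microsoft CryptoAPI, "
    "URL Reputation: High risk, URL: http://crl.microsoft.com/pki/crl/products/tspca.crl, "
    "Context: unknown {TCP} 10.24.100.91:62157 -> 74.73.232.50:80",
    "2015-03-17 00:02:00 " + PREFIX + "User: mav2, Client: SSL client, "
    "URL Reputation: Well known, URL: http://example.test/q?a=1,2, Interface Ingress: Inside",
    "2015-03-17 00:02:05 Syslog.Info 10.24.100.2 unrelated message",
]

# Leading timestamp, facility.severity, sender IP; body is what follows the [..][..] tags.
# The second, device-side timestamp ("Mar 16 13:50:46") is skipped.
HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (\S+) .*? SFIMS: (?:\[[^\]]*\])+ (.*)$")
# "Key: Value" pairs. A value ends only where the next ", Key: " begins, so colons
# and commas inside a URL or the Context tuple stay part of the value.
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*): (.*?)(?=, [A-Za-z][A-Za-z ]*: |$)")

def parse(line):
    """Return a dict of fields for one SFIMS connection event, or None."""
    m = HEADER.match(line)
    if not m:
        return None
    received, sender, body = m.groups()
    return {"time": received, "sender": sender, **dict(PAIR.findall(body))}

def report(lines, reputation=None):
    """Rows of (time, user, url), optionally limited to one URL Reputation value."""
    events = [ev for ev in map(parse, lines) if ev and "User" in ev and "URL" in ev]
    return [(ev["time"], ev["User"], ev["URL"]) for ev in events
            if reputation is None or ev.get("URL Reputation") == reputation]

def urls_per_user(rows):
    """Count report rows per user."""
    return Counter(user for _, user, _ in rows)

if __name__ == "__main__":
    for time, user, url in report(SAMPLE):
        print(f"{time}\t{user}\t{url}")
```

Passing `reputation="High risk"` to `report` narrows the rows to the entries flagged that way in the `URL Reputation` field.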