This is a custom syslog parser I wrote for SecureAuth's MFA product. This is used with the "AUDIT" syslog settings configured as default in SecureAuth.
This is not all-inclusive of every eventid, but it does include almost all that I have run across in our production/test environment so far.
As I encounter other eventids I will update the parser to include them.
Disclaimer: I am in no way a regex expert lol