[PARSER]
    Name        firstline_app_parser
    Format      regex
    Regex       ^(?<log>[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3} [A-Z]+,(.*))
    # This regex captures both the timestamp and the rest of the line.
[PARSER]
    Name        firstline_audit_parser
    Format      regex
    Regex       ^(?<log>(?:AUDIT:\s(?:SESSION|OBJECT))(.*))
  # This regex captures both audit headers "AUDIT: (SESSION|OBJECT)" and the rest of the line.