...
The generic parser is activated by the configuration option opevents_parser_rules, in conf/opCommon.nmis, and the rules are defined in conf/EventParserRules.nmis. Hiere is an excerpt from the example generic parser rules example that opEvents ships with:
...
The THEN expression consists of a nested sub-policy or of a single action statement. The action statement is an AND-separated separated list of set or capture statements: set.propertyname(value) sets the named property to the static value, and capture(propname,propname) saves what the respective captures from the regex captured in the named properties. Rules are applied in the order defined by their numeric key, and nesting is fully supported.