I stumbled upon an unknown layout, without headers, which neither NPS Log Interpreter nor IAS Log Viewer can seem to understand. My Google-fu is spent and I've found zero documentation about it.
Lines go like this:
server, "RAS", date, time, packet type?, username (sometimes has domain), username (always has domain), ip, ip, , ip, server, ip, numbers, ip, server, random number?, , 5, , 1, 2, 4/5, string, 0/68, string, empty/60, empty/1800, string, 1/2, , random number?, random number?, port?, empty/3, random/empty, random/empty, random/empty, empty/1, port?, empty/1, , empty/1, empty/1, ip, ip, , , , , , , string, 311, , hex string, number, number, policy?, 1, , , , hostname?, string
I feel like I've stumbled upon this before, but so far I've found 3 different layouts for treating RRAS logs and none of those fit these lines.