This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How To Contribute Your Parsers to the RSA NetWitness GitHub

EricPartington
Employee
Employee
‎2018-07-19 06:37 AM

Here's the steps you'll need to follow to initiate a fork of the RSA NetWitness Log Parsers Repository

 

  • Create a fork (your copy of the full repo) from the link on top right corner of page https://github.com/netwitness/nwlogparsers
  • Create a new branch in your repo for your work and add your new parser work under community folderpastedImage_2.png
  • Each new parser should be kept in a new folder with its name
    • only add the parser.xml file (not zip or .envision file)
  • Create a new folder for your parser by clicking new file button, when the box shows up add the folder name then a slash and then the file name (this creates a folder for your file which isn’t obvious from the UI)pastedImage_4.pngpastedImage_5.png
  • Copy and paste the text of your parser into the editor
  • Only include the .xml and .ini file and nothing else (no .envision or .zip)
  • Add data to the Commit description at the bottom and click commit new filepastedImage_6.png
  • Raise a pull request to merge your changes to the RSA NetWitness repo
    • Open your repo page on github.com
    • Click create pull request
    • Name the pull request
    • Request will go to the RSA content team for review and merging into the parser(s)

How to Update your forked log-parsers repository to get latest version

  • Log into your github account
  • Locate the forked nw-logparsers repository in your account

pastedImage_13.png

  • Click on compare (right side)

pastedImage_14.png

You will get a notification like this if it’s the first time for comparing

There isn't anything to compare.
someone:master is up to date with all commits from me:master. Try switching the base for your comparison.

Click on switching the base

pastedImage_15.png

Or you will see this if you have compared before:

pastedImage_16.png

 

*** important  ***

Github defaults to sync your changes to the upstream fork, in this case we want the opposite.

Chagne the base fork (left option) to be your fork (not the netwitness/nw-logparsers)

pastedImage_17.png

Now you will see a different comparing changes screen and a note about comparing the same two things:

pastedImage_18.png

 

Click the compare across forks:

pastedImage_19.png

pastedImage_20.png

Click the head fork and change to the netwitness/ fork:

pastedImage_21.png

Now you see the commits since the repository was forked:

pastedImage_22.png

Click on Create pull request:

pastedImage_23.png

Give it a title and if required a description

 

On the next page click Create pull request

pastedImage_24.png

pastedImage_25.png

pastedImage_26.png

Click confirm merge:

pastedImage_27.png

Your copy of the RSA Netwitness nw-logparsers repo is now updated

pastedImage_28.png

You can review the latest code and also submit new parsers or updates to your already submitted parsers using the above process.

 

The resource I used which helped me along with this was the following very helpful GitHub link:

https://github.com/KirstieJane/STEMMRoleModels/wiki/Syncing-your-fork-to-the-original-repository-via-the-browser

4 Comments
© 2022 RSA Security LLC or its affiliates. All rights reserved.