Here are the steps you'll need to follow to fork the RSA NetWitness Log Parsers Repository:
- Create a free GitHub account
- Locate the RSA NetWitness project
- Locate the log-parsers project
- Create a fork (your copy of the full repo) from the link in the top right corner of the page https://github.com/netwitness/nwlogparsers
- Create a new branch in your repo for your work and add your new parser work under the community folder
![pastedImage_2.png pastedImage_2.png](/t5/image/serverpage/image-id/27702iE1DDDA98C9B58FF8/image-size/large?v=v2&px=999)
- Each new parser should be kept in a new folder with its name
- Only add the parser.xml file (not zip or .envision file)
- Create a new folder for your parser by clicking the new file button; when the box shows up, add the folder name, then a slash, and then the file name (this creates a folder for your file, which isn't obvious from the UI)
![pastedImage_4.png pastedImage_4.png](/t5/image/serverpage/image-id/27701i474BAABF18DA42E9/image-size/large?v=v2&px=999)
![pastedImage_5.png pastedImage_5.png](/t5/image/serverpage/image-id/27700i5F1A8210C5E8F59C/image-size/large?v=v2&px=999)
- Copy and paste the text of your parser into the editor
- Only include the .xml and .ini file and nothing else (no .envision or .zip)
- Add a note to the Commit description at the bottom and click commit new file
![pastedImage_6.png pastedImage_6.png](/t5/image/serverpage/image-id/27707i854F2E5FDDF79B79/image-size/large?v=v2&px=999)
- Raise a pull request to merge your changes to the RSA NetWitness repo
- Open your repo page on github.com
- Click create pull request
- Name the pull request
- Request will go to the RSA content team for review and merging into the parser(s)
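
Before raising the pull request, the file rules in the steps above (one folder per parser under the community folder, only .xml and .ini files) can be checked against a local clone of your fork. This script is an added example, not part of the original post or of NetWitness tooling; it assumes the `community` folder sits at the repository root, and the parser names in the sample tree are hypothetical.

```shell
#!/bin/sh
# Added example, not NetWitness tooling. Assumes contributions live under
# "community/" at the repository root, one folder per parser.

# check_community_tree ROOT: print one line per violation; return 0 if clean.
check_community_tree() {
    root=$1
    status=0
    [ -d "$root/community" ] || { echo "missing folder: community/"; return 1; }
    list=$(mktemp)
    (cd "$root/community" && find . -type f | sed 's|^\./||' | sort) > "$list"
    while IFS= read -r rel; do
        case $rel in
            */*/*) echo "nested too deep: $rel"; status=1 ;;
            */*)   ;;                      # community/<parser>/<file>: expected
            *)     echo "not inside a parser folder: $rel"; status=1 ;;
        esac
        case $rel in
            *.xml|*.ini) ;;                # the only file types the steps allow
            *) echo "disallowed file type: $rel"; status=1 ;;
        esac
    done < "$list"
    rm -f "$list"
    return "$status"
}

# make_sample_tree DIR: constructed sample input (hypothetical parser names).
make_sample_tree() {
    mkdir -p "$1/community/exampleparser" "$1/community/otherparser"
    : > "$1/community/exampleparser/exampleparser.xml"
    : > "$1/community/exampleparser/exampleparser.ini"
    : > "$1/community/otherparser/otherparser.envision"
    : > "$1/community/loose.zip"
}

# Run against a clone when a path is given: sh check.sh /path/to/your/fork
if [ "$#" -gt 0 ]; then
    check_community_tree "$1"
fi
```
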
How to update your forked log-parsers repository to get the latest version
- Log into your GitHub account
- Locate the forked nw-logparsers repository in your account
![pastedImage_13.png pastedImage_13.png](/t5/image/serverpage/image-id/27708iFA5DE2A03DC372B8/image-size/large?v=v2&px=999)
- Click on compare (right side)
![pastedImage_14.png pastedImage_14.png](/t5/image/serverpage/image-id/27709i13F0FD6B552E2EEF/image-size/large?v=v2&px=999)
You will get a notification like this if it's the first time you have compared:
There isn't anything to compare.
someone:master is up to date with all commits from me:master. Try switching the base for your comparison.
Click on "switching the base"
![pastedImage_15.png pastedImage_15.png](/t5/image/serverpage/image-id/27710i1E1D0FE415DB419F/image-size/large?v=v2&px=999)
Or you will see this if you have compared before:
![pastedImage_16.png pastedImage_16.png](/t5/image/serverpage/image-id/27711i9619CE7DA2DB9EB5/image-size/large?v=v2&px=999)
*** Important ***
GitHub defaults to syncing your changes to the upstream fork; in this case we want the opposite.
Change the base fork (left option) to be your fork (not the netwitness/nw-logparsers)
![pastedImage_17.png pastedImage_17.png](/t5/image/serverpage/image-id/27712iF62F0693FC1EAE75/image-size/large?v=v2&px=999)
Now you will see a different comparing changes screen and a note about comparing the same two things:
![pastedImage_18.png pastedImage_18.png](/t5/image/serverpage/image-id/27713i5D20397A279FC96F/image-size/large?v=v2&px=999)
Click the compare across forks:
![pastedImage_19.png pastedImage_19.png](/t5/image/serverpage/image-id/27714i4C3EF38F2865DD46/image-size/large?v=v2&px=999)
![pastedImage_20.png pastedImage_20.png](/t5/image/serverpage/image-id/27715i34986CE25A64D0B2/image-size/large?v=v2&px=999)
Click the head fork and change to the netwitness/ fork:
![pastedImage_21.png pastedImage_21.png](/t5/image/serverpage/image-id/27716i63D5F71689F5F727/image-size/large?v=v2&px=999)
Now you see the commits since the repository was forked:
![pastedImage_22.png pastedImage_22.png](/t5/image/serverpage/image-id/27717i33AD239BB4EE0968/image-size/large?v=v2&px=999)
Click on Create pull request:
![pastedImage_23.png pastedImage_23.png](/t5/image/serverpage/image-id/27718i32609177D3AFE356/image-size/large?v=v2&px=999)
Give it a title and, if required, a description.
On the next page click Create pull request.
![pastedImage_24.png pastedImage_24.png](/t5/image/serverpage/image-id/27699iB9EBEEDA1B6D721E/image-size/large?v=v2&px=999)
![pastedImage_25.png pastedImage_25.png](/t5/image/serverpage/image-id/27706i278EAF91E8BC1DE0/image-size/large?v=v2&px=999)
![pastedImage_26.png pastedImage_26.png](/t5/image/serverpage/image-id/27705iF14B18F38C01CB50/image-size/large?v=v2&px=999)
Click confirm merge:
![pastedImage_27.png pastedImage_27.png](/t5/image/serverpage/image-id/27704i466BB096326394B2/image-size/large?v=v2&px=999)
Your copy of the RSA NetWitness nw-logparsers repo is now updated.
![pastedImage_28.png pastedImage_28.png](/t5/image/serverpage/image-id/27703i656864653C8CCE9D/image-size/large?v=v2&px=999)
You can review the latest code and also submit new parsers or updates to your already submitted parsers using the above process.
The resource I used, which helped me along with this, was the following very helpful GitHub link:
https://github.com/KirstieJane/STEMMRoleModels/wiki/Syncing-your-fork-to-the-original-repository-via-the-browser