This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Log Parser Improvements - Update (Jan 2017)

SaketBajoria
Beginner
Beginner
‎2017-01-24 05:13 PM

The RSA Live Content team has published updates for 6 more Log Parsers that generate the largest number of, “Unknown Message Defect” support cases. Earlier in October 2016 (https://community.rsa.com/community/products/netwitness/blog/2016/10/12/log-parser-improvements ) 15 parsers were published. 

 

These enhancements are part of a strategic initiative to drive improvements to Log Parsers.

 

Benefits from these improvements result in:

  • Fewer Unknown Messages
  • Improved Device Discovery
  • Better Adaptability to newer versions of an Event Source
  • Reduced Parser Maintenance

 

To take advantage of these improvements you will need to download the latest versions of the parsers listed below from the Live Portal.

 

 

S.No.

Event Source

Log Parser

Improvements

1

Fortinet FortiGate

fortinet

This parser has been redesigned to parse all event ids generated by the event source. We have made the parser future proof to parse newer event ids that may be introduced in newer versions of the product. It can also accommodate New/Unknown tags, which significantly reduces the number of unknown messages.

2

Microsoft Exchange Server

msexchange

This parser can now identify all Microsoft Excahnge events coming in via Windows Collection. 

3

F5 Big-IP Application Security Manager

bigipasm

This event source has a structured log format and uses tag=value format. It has been improved to accommodate New/Unknown tags, which significantly reduces the number of unknown messages.

4

Bit9 Security Platform

bit9

This parser has been redesigned to parse all event ids generated by the event source coming in via Syslog. We have made the parser future proof to parse newer event ids that may be introduced in newer versions of the product.

This event source has a structured log format and uses tag=value format. It can also accommodate New/Unknown tags, which significantly reduces the number of unknown messages.

5

Cisco IronPort Email Security Appliance

ciscoiportesa

This parser has been made future proof to identify all events coming in via File Reader or Syslog.

6

Trend Micro Control Manager

trendmicro

This parser has been redesigned to parse all event ids generated by the event source. It has been made future proof to parse newer event ids that may be introduced in newer versions of the product.

This event source has a structured log format and uses tag=value format. It can also accommodate New/Unknown tags, which significantly reduces the number of unknown messages.

 

RSA Live Content team will be powering similar improvements for more parsers over the next two quarters.

Labels:
11 Comments
© 2022 RSA Security LLC or its affiliates. All rights reserved.