This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness - Log Parser Rules (Dynamic Rules)

NaushadKasu1
Trusted Contributor Trusted Contributor
Trusted Contributor
‎2019-11-04 09:50 AM

Documentation Link: Log Parsing Customization Guide for RSA NetWitness Platform 11.x - Table of Contents 

 

This video covers the building of a log parser using the Log Parser Rules feature within RSA NetWitness. We cover in its entirety scenario 1, and scenario 2 has coverage as well to a limited degree as it comprises mostly of steps covered in Scenario 1.

 

Scenario 1:

- Device Type (device.type) does not exist

- Message ID (msg.id) does not exist

 

Scenario 2:

- Device Type (device.type) exists

- Message ID (msg.id) does not exist

Labels:
1 Comment
© 2022 RSA Security LLC or its affiliates. All rights reserved.