This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Lua parser for logs

MarcinGryga
Beginner
Beginner

‎2016-07-26 08:21 AM

Hi,

 

Can RSA create a guide for log parsers in Lua ?

 

Marcin

3 REPLIES 3

WilliamMotley1
Frequent Contributor Frequent Contributor
Frequent Contributor

‎2016-07-26 08:55 AM

I intend to eventually add a section to the parsers book regarding log parsers in lua.

 

It's straightforward if you're already at least somewhat comfortable writing a packet parser in lua.  The structure and fundamental concepts are the same.  The parser defines tokens to match upon, functions to run when a token matches, and keys with which to register meta.

 

The "payload" is the log message itself.  The same payload functions available to a packet parser operate on an object representing the log message rather than an object representing session payload.

 

As well, a lua log parser matching a log message does not preclude a "normal" log parser from parsing the same message.

Anonymous
Not applicable

‎2016-07-27 09:14 AM

Hey Marcin, if you are looking for an example, I've created a proof of concept a while ago: Customizing the platform: generate a hash for each log message

MarcinGryga
Beginner
Beginner
In response to Anonymous

‎2016-08-10 05:27 AM

Thanks for info.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.