2015-03-25 02:30 PM
Is it possible to create a custom file reader event source? We want to collect logs but it does not seem to want to accept them using a different one to test.
2015-03-26 05:05 AM
Hi Sean,
I would look at the following link:
(Optional) Create Custom Content Typespec for File Collection - RSA Security Analytics Documentation
It takes you through an explanation of creating your own Typespec to transform the file.
2015-03-26 05:05 AM
Hi Sean,
I would look at the following link:
(Optional) Create Custom Content Typespec for File Collection - RSA Security Analytics Documentation
It takes you through an explanation of creating your own Typespec to transform the file.
2015-04-10 09:39 AM
I think it's a bit optimistic to say the document takes you through it, 🙂 but it does tell you what you need to know. I'd start with something like the apache.xml and change all references to apache to refer to your parser, and take it from there.
You need to restart the logcollector when you change this file.