This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

SA Log Parser Creation

Go to solution
pranavsankar1
Beginner
Beginner

‎2016-04-20 01:53 AM

Hi Folks,

 

Is anyone can help me out how the xml log parsing works in SA? I would like to learn and understand  how xml works in SA - creation,modification of parsers. I have checked in sadocs but couldnt help me.

 

It could be appreciable if any one sent me any links regarding xml log parsing.

 

Regards

Pranav Sankar

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2016-05-02 11:56 AM

I just created a new video on using the new ESI tool.  Check it out

 

RSA ESI 106 - YouTube

View solution in original post

28 REPLIES 28

Go to solution
MohdSaadKhan
Frequent Contributor
Frequent Contributor

‎2016-04-20 03:15 AM

Visit here for parser regarding info.

Parsers Book

Go to solution
DavidWaugh1
Employee
Employee

‎2016-04-20 03:53 AM

Also take a look at this thread.

 

Custom Parsers

Go to solution
pranavsankar1
Beginner
Beginner

‎2016-04-21 03:41 AM

Can anyone explain how we will write XML parsers?

 

For example when i worked for Arcsight Flex Parser first ill go with analyzing events,Regex Creation,Tokens,Patterns Concepts and finally deployment likewise how we will write XML parser here?

when i checked in above docs i couldnt find xml parsing concept.My queries are:

1.After analyzing raw events how we will make them to Header and message part in XML

2.Mapping concepts.

 

Hope this could clear and im eagerly waiting for your valuable comments.

0 Likes

Go to solution
DavidWaugh1
Employee
Employee
In response to pranavsankar1

‎2016-04-21 03:58 AM

Hi Pranav if you post a few sample log messages here (make sure any sensitive data is anonymised) I'll do an example here.

0 Likes

Go to solution
pranavsankar1
Beginner
Beginner
In response to DavidWaugh1

‎2016-04-21 04:13 AM

Dave its not possible with my customer view point we are not supposed to share any single point of logs.

0 Likes

Go to solution
DavidWaugh1
Employee
Employee
In response to pranavsankar1

‎2016-04-21 04:15 AM

Oh dear. Then the best course of action is to sign up for the course that I outlined in Custom Parsers .

 

There are also some online learning course on the Event Source Integration Tool.

 

The course code is:

RSA-ENVESI

 

This is a free e-learning course you just need to register.

 

https://edu.corp.emc.com/search/widgets_template1.aspx

RSA Event Source Integrator_2016-04-14_08-58-34.png

 

If you have any problems accessing to content then Education Service can assist. You can contact them at

http://emc.force.com/EducationSupport

0 Likes

Go to solution
pranavsankar1
Beginner
Beginner
In response to DavidWaugh1

‎2016-04-21 04:18 AM

thats pretty cool stuff david ..First ill go through this courses.

0 Likes

Go to solution
DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2016-04-21 10:40 AM

If you are interested I have a video that I did on walking through a sample log file and I could email you the link for it if you would like

Go to solution
MohdSaadKhan
Frequent Contributor
Frequent Contributor

‎2016-04-21 01:12 PM

Hi Dave,

Can you share the video link with me.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.