This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Struggling to Parse a ciscoasa message

david_waugh
Beginner
Beginner

‎2017-10-20 10:06 AM

Hello

 

Im struggling to parse the following ciscoasa message with the ESI tool.

 

Oct 14 21:42:26 172.19.46.1 :%ASA-svc-4-722037: Group User IP <1.2.3.4> SVC closing connection: Transport closing.

 

I can define the header in the ESI 1.2.1 tool but it subsquently fails to match the header.

Playing around I think the problem is the colon follow directly by the percent character. (:%)

 

Can anyone help?

0 Likes
4 REPLIES 4

NaushadKasu1
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2017-10-20 10:42 AM

Can you paste your HEADER and MESSAGE so we can see what is not working for you?

0 Likes

david_waugh
Beginner
Beginner

‎2017-10-20 10:48 AM

It looks to be a problem with the ESI tool. When I placed the parser that was created in the tool on a test system the message parsed as intended.

0 Likes

NaushadKasu1
Trusted Contributor Trusted Contributor
Trusted Contributor
In response to david_waugh

‎2017-10-20 10:51 AM

Please report the issue with screenshots and examples as a support case so we can open a ticket with the content team engineering this tool.  Thank you -- glad the message is parsing.

0 Likes

EricPartington
Employee
Employee

‎2017-10-20 11:03 AM

is your ESI tool the same one from here ?

https://community.rsa.com/community/products/netwitness/blog/2017/04/24/rsa-netwitness-esi-10-beta-3 

 

or an older version of the ESI  tool?

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.