2019-04-30 09:09 AM
I am new to SIEM products, sorry if the question is redundant.
We have a case where RSA NetWitness should read the log files of various web applications. Each one may have its own log pattern and some may support a standard log pattern.
What log standards does RSA NetWitness understand for a web application? And can the admin configure it to understand proprietary web system logs?
Thanks in advance
2019-04-30 09:37 AM
NetWitness understands Apache and IIS log formats.
If your custom app writes in a different format, a custom parser will be needed to normalize the data.
The caveat to this is: if your application can write the logs using key value pairs (user=bob , source address=1.2.3.4) then the log decoder will be able to parse this data without any additional work.
Feel free to reach out to me and I can help you with a custom parser if needed.
Dave
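As an added example (not part of Dave's reply and not RSA code), here is one way a Python web application could write its events as key=value pairs while keeping user-controlled values from breaking the line or forging extra pairs. The key names, the `fields` attribute, the `format_event` helper and the quoting convention are assumptions; check them against what your log decoder accepts.

```python
import logging
import re

# Control characters and Unicode line breaks that could split one event in two.
_UNSAFE = re.compile("[\x00-\x1f\x7f\x85\u2028\u2029]")


def kv_escape(value):
    """Render one value so it cannot spill into a neighbouring key=value pair."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    # CR, LF, tab etc. become a visible \uXXXX escape instead of a real break.
    text = _UNSAFE.sub(lambda m: "\\u%04x" % ord(m.group()), text)
    # Quote empty values and values holding a delimiter (space, comma, =, quote).
    if text == "" or re.search(r'[\s,="]', text):
        text = '"' + text + '"'
    return text


class KeyValueFormatter(logging.Formatter):
    """Emit: ts=... level=... event=... key=value ... (keys are assumed names)."""

    def format(self, record):
        pairs = [("ts", self.formatTime(record, "%Y-%m-%dT%H:%M:%S")),
                 ("level", record.levelname),
                 ("event", record.getMessage())]
        # Keys are fixed by the developer; only values carry request data.
        pairs += sorted(getattr(record, "fields", {}).items())
        return " ".join(f"{key}={kv_escape(val)}" for key, val in pairs)


def format_event(event, **fields):
    """Hypothetical helper: build one log line without configuring a handler."""
    record = logging.LogRecord("webapp", logging.INFO, "webapp.py", 0,
                               event, None, None)
    record.fields = fields
    return KeyValueFormatter().format(record)


if __name__ == "__main__":
    # Constructed sample events; the second carries a log-forging attempt.
    print(format_event("login_failed", user="bob", src_ip="1.2.3.4"))
    print(format_event("login_failed", src_ip="1.2.3.4",
                       user="bob\nevent=login_ok user=admin"))
    # With a real logger: handler.setFormatter(KeyValueFormatter()), then
    # logger.info("login_failed", extra={"fields": {"user": "bob"}})
```
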
2019-05-06 03:08 AM
That's great.
Thanks Dave