NetWitness Community

Anonymous · ‎2014-03-17

The last time that ESI was updated was in 2012.

I was wondering if ESI will be modified to fully function with Security Analytics.

Or are there any other tools that can be used to build XML based log parsers?

huanzhou1 · ‎2014-03-17

only ESI so far, and it's working, the xml version need to be 2.0, i asked question previously, you may check the old post

huanzhou1 · ‎2014-03-17

How to deploy the event source package created by ESI?

Check this.

Anonymous · ‎2014-03-17

Thanks a lot. I'll give this a shot.

Anonymous · ‎2014-03-18

Ok. Quick Update here. I updated ESI with the latest event source update and although I can properly parse messages with my parser I get the following error message.

"Report is not generated because the message definition contains tags unsupported by ESI".

Any idea what causes this error message?

huanzhou1 · ‎2014-03-18

where you see the error? can share the samples so i can check in my computer?

Thanks.

Anonymous · ‎2014-03-18

Hi Patriot,

I've attached the test xml parser and test log.

Please let me know if you find anything.

huanzhou1 · ‎2014-03-24

sorry for the late reply, let me check and update you.

huanzhou1 · ‎2014-03-24

where you get the error? i opened but all the 3 logs are not parsed

Anonymous · ‎2014-03-24

Hi Patriot,

I even tried this with existing XML parsers with sample logs.

All the log messages were parsed on the header and message side.

Once, I try and run the Event Analysis Report. The Report completes but I get the following error for the message.

Report is not generated because the message definition contains tags unsupported by ESI.

NetWitness Community

XML Parsing with Security Analytics & ESI