This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
No ratings

NetWitness LUA Parsers for Logs

JosephCantor
Employee
Employee

on ‎2019-03-26 05:17 PM - edited on ‎2022-04-29 06:22 AM by Occasional Contributor Occasional Contributor

 This Course is currently undergoing some updates, appreciate your patience as we are working on bringing for you the best training experience.

 

Netwitness-Education-2C (2).png

 

Access Training
for Customers/Partners

Access Training
for NetWitness Employees

 

 

 

Summary

This On-Demand Learning course will provide students with an overview of creating custom log parsers for RSA NetWitness using Lua.

 

Overview

This On-Demand Learning course will provide students with an overview of creating custom log parsers for RSA NetWitness using Lua. Students will cover topics such as when to use a custom parsers, the components of a Lua parser, how to create the Lua parser for logs and basic troubleshooting.

 

Audience

Customer, PS, CS, ES, Partners

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

60 Minutes

 

Prerequisite Knowledge/Skills
Knowledge of the following is suggested for attending this course:

  • General programming concepts including local and global variables, conditional logic (if, then, else) and program loops (while, do) is highly suggested but not required
  • Use of a source code editor (such as Notepad++)
  • Basic understanding of the grep command in Linux
  • RSA NetWitness for Logs and Packets Introduction – eLearning
  • RSA NetWitness for Logs and Packets Foundations ILT
  • RSA NetWitness Logs Parser Overview eLearning
  • RSA NetWitness for Logs and Packets Lua Parsers – eLearning

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Identify when the use of Lua is necessary for parsing and creating custom content
  • Understand and explain the use of RSA NetWitness meta callbacks
  • Understand and explain the use of nw.getPayload(), tostring() and nw.LogInfo() functions
  • Understand and explain the use of basic Lua string pattern-matching
  • Create a custom log (device) parser for a supported event source using a Lua parser
  • Test a Lua log parser for use in RSA NetWitness for Logs
  • Deploy a Lua log parser for use in RSA NetWitness for Logs
  • Perform basic troubleshooting of a Lua log parser

 

Course Outline

  • Log Data Collection
  • When to use Lua for Log Parsing
  • Components of a Lua Parser for Logs
  • Creating Custom Log Parsers
  • Basic Troubleshooting

 

If you have any questions, please contact your account manager or Contact Us directly!

 

 

Was this article helpful? Yes No
Version history
Last update:
‎2022-04-29 06:22 AM
Updated by:
Occasional Contributor Occasional Contributor
© 2022 RSA Security LLC or its affiliates. All rights reserved.