The RSA Live Content team has published updates for 6 more Log Parsers, chosen because they generate the largest number of "Unknown Message Defect" support cases. Earlier in October 2016 (Log Parser Improvements) 15 parsers were published.
These enhancements are part of a strategic initiative to drive improvements to Log Parsers.
These improvements deliver:
- Fewer Unknown Messages
- Improved Device Discovery
- Better Adaptability to newer versions of an Event Source
- Reduced Parser Maintenance
To take advantage of these improvements, you will need to download the latest versions of the parsers listed below from the Live Portal.
S.No. | Event Source | Log Parser | Improvements
--- | --- | --- | ---
1 | Fortinet FortiGate | fortinet | This parser has been redesigned to parse all event IDs generated by the event source. It has been made future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. It also accommodates new/unknown tags, which significantly reduces the number of unknown messages.
2 | Microsoft Exchange Server | msexchange | This parser can now identify all Microsoft Exchange events coming in via Windows Collection.
3 | F5 BIG-IP Application Security Manager | bigipasm | This event source has a structured log format and uses tag=value format. The parser has been improved to accommodate new/unknown tags, which significantly reduces the number of unknown messages.
4 | Bit9 Security Platform | bit9 | This parser has been redesigned to parse all event IDs generated by the event source coming in via Syslog. It has been made future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. This event source has a structured log format and uses tag=value format. The parser also accommodates new/unknown tags, which significantly reduces the number of unknown messages.
5 | Cisco IronPort Email Security Appliance | ciscoiportesa | This parser has been made future-proof to identify all events coming in via File Reader or Syslog.
6 | Trend Micro Control Manager | trendmicro | This parser has been redesigned to parse all event IDs generated by the event source. It has been made future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. This event source has a structured log format and uses tag=value format. The parser also accommodates new/unknown tags, which significantly reduces the number of unknown messages.
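The table above describes two parser behaviours that cut "Unknown Message" counts for tag=value sources (FortiGate, BIG-IP ASM, Bit9, Trend Micro): tolerating tags the parser has never seen, and classifying events by their structure rather than by a fixed list of event IDs. The following is an added illustration of that approach, not RSA's parser code and not the Live content itself. The log lines, the `KNOWN_TAGS` mapping, the `REGISTERED_EVENT_IDS` set and the message-ID scheme are all constructed for the example; the only real convention it relies on is the `key=value` / `key="quoted value"` layout these sources use.

```python
import re
from typing import Any, Dict, Optional

# Constructed sample lines (not real device output) in the tag=value style
# used by FortiGate, BIG-IP ASM and similar event sources.
SAMPLE_LINES = [
    'date=2016-10-20 time=10:15:32 devname="fw01" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=10.1.1.5 dstip=93.184.216.34 dstport=443 action="deny"',
    # Same source, but with an event ID and a tag ("newtag") this parser has
    # never been told about, as a newer firmware release might emit.
    'date=2016-10-20 time=10:15:33 devname="fw01" logid="0999999999" type="traffic" '
    'subtype="forward" srcip=10.1.1.6 dstip=93.184.216.34 newtag="x y" action="accept"',
]

# One token is key=value, where value is either a double-quoted string
# (may contain spaces and backslash-escaped quotes) or a run of non-space chars.
_TOKEN = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Hypothetical mapping from device tag names to normalised meta keys.
# Anything not listed here is kept anyway, under its original tag name.
KNOWN_TAGS = {
    "date": "event_date",
    "time": "event_time",
    "devname": "device_name",
    "logid": "event_id",
    "type": "category",
    "subtype": "subcategory",
    "srcip": "ip_src",
    "dstip": "ip_dst",
    "dstport": "port_dst",
    "action": "action",
}

# Hypothetical registry of event IDs that an older, list-driven parser knew.
REGISTERED_EVENT_IDS = {"0000000013"}


def parse_tag_value(line: str) -> Dict[str, Any]:
    """Parse one tag=value line into normalised meta.

    Known tags are renamed via KNOWN_TAGS; unknown tags are retained under
    meta["unknown_tags"] instead of causing the whole line to be rejected.
    """
    meta: Dict[str, Any] = {}
    unknown: Dict[str, str] = {}
    for key, raw in _TOKEN.findall(line):
        if raw.startswith('"'):
            value = raw[1:-1].replace('\\"', '"')  # strip quotes, unescape \"
        else:
            value = raw
        if key in KNOWN_TAGS:
            meta[KNOWN_TAGS[key]] = value
        else:
            unknown[key] = value
    meta["unknown_tags"] = unknown
    return meta


def strict_message_id(meta: Dict[str, Any]) -> Optional[str]:
    """List-driven classification: only pre-registered event IDs parse.

    Returns None (an "Unknown Message") for any event ID not in the registry,
    which is exactly what happens when a newer product version adds IDs.
    """
    eid = meta.get("event_id")
    return f"evt:{eid}" if eid in REGISTERED_EVENT_IDS else None


def lenient_message_id(meta: Dict[str, Any]) -> str:
    """Structure-driven classification: derive the message ID from the
    category/subcategory fields, so new event IDs and new tags still
    produce a parsed, classified event."""
    cat = meta.get("category", "unknown")
    sub = meta.get("subcategory", "unknown")
    return f"{cat}:{sub}"


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        m = parse_tag_value(line)
        print(m.get("event_id"), strict_message_id(m), lenient_message_id(m), m["unknown_tags"])
```

Run against the two constructed lines, the strict classifier accepts the first and returns None for the second (the new `logid`), while the lenient one classifies both as `traffic:forward` and surfaces `newtag` under `unknown_tags` so it can be reviewed and promoted to a named meta key later rather than silently lost.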
The RSA Live Content team will be delivering similar improvements for more parsers over the next two quarters.
Saket, I am a new user (just started two weeks ago). Can you please point me to the page where I can download the parser updates related to our equipment? How should I do it, step by step? Thanks in advance.