There are occasions when you want to analyze a log file that is not available on the service you are using. You can upload a log file captured on another service to Security Analytics. Log filenames are of the type .log.
When a log file is uploaded to a Log Decoder, the Log Decoder analyzes and generates meta for each log it contains. These logs are added to the already decoded logs on the Log Decoder and are available for analysis. Security Analytics includes a filename tracking option that makes searching for a particular set of logs easier. When the log file is uploaded with file tracking, the Log Decoder adds meta to each log based on the uploaded filename. You can then filter sessions for analysis using that meta.
The option to upload a log file is dimmed when other Log Decoder operations prevent an upload from occurring. For example, when the Log Decoder is capturing logs.
To import a log file to an Log Decoder:
- In the Security Analytics menu, select Administration > Services.
- Select a Log Decoder in the Service grid, and select > View > System.
The Services System view for the Log Decoder is displayed.
- In the toolbar, click Upload Log File.
- To choose a log file, click Browse.
A directory view is displayed.
- Select the log file that you want to upload.
The filename is displayed in the Upload File field.
- If you want the Log Decoder to add meta to the logs based on the filename, click the checkbox next to Track Filename.
- To upload the file, click Upload.
The selected file is uploaded and a status message indicates that the file is uploaded. The log file is available for analysis.