Manage Parser Mappings

Document created by RSA Information Design and Development on Sep 13, 2017. Last modified by RSA Information Design and Development on Sep 11, 2018.
Version 9
 

The Manage Parser Mappings dialog allows you to map the appropriate parsers for selected Event Source addresses. From the Details view, select the Map button.

Workflow

This workflow shows the overall process for configuring event sources.

 

What do you want to do?

                                           
Role | I want to... | Documentation
Administrator | View and modify event sources. | Managing Event Source Groups topic in the Event Source Management Guide
Administrator | Acknowledge and map event sources. | Acknowledging and Mapping Event Sources topic in the Event Source Management Guide
Administrator | *Add and configure parser mappings for a Log Decoder. | Manage Parser Mappings topic in the Event Source Management Guide
Administrator | View event source alarms. | Viewing Event Source Alarms topic in the Event Source Management Guide
Administrator | View log parser rules. | Default Log Parser and Log Parser Rules topic in the Event Source Management Guide
Administrator | Troubleshoot event source management. | Troubleshooting Event Source Management topic in the Event Source Management Guide

*You can perform this task here.

Quick Look

                     
1

Displays all the available parsers that you can map based on the event sources that you selected from the Discovery view. Also displays the mappings that are already present in the Log Decoders for the selected event source or the parsers that have been discovered.

To filter your available parsers, type the first few letters of the parser name that you want to map.
Click the Add to Mapping button to add the parser to the parser mappings listed in the right panel.

You need to select parsers before the Add to Mapping button is enabled.

Add the selected parser by clicking the Add to Mapping button in the right panel.

You can rearrange the order of the parser mappings using the up and down arrow keys, or by dragging and dropping selected parser mappings. To select multiple mappings, press the Ctrl key.

2

Displays the names of the selected parsers that you want to map.

3

Displays the order of the selected parser mappings.
You can delete parser mappings by selecting the minus sign.
Press the Ctrl key to select multiple mappings to perform group operations on them.

4

Click Save to save your mappings to all the Log Decoders. A pop-up message informs you that your mappings are successfully saved. When the window is closed, the banner on the Details tab is updated to reflect the status. If mapped, the text displayed is Mapped.
Click Cancel to return to the Details tab.

Advanced Configuration

Mapping configurations with the Log Collector are not displayed in the Parser Mappings window. If the mapping is saved, it is saved for the corresponding IP address, not for the corresponding Log Collector entry. If no mappings are found for the corresponding IP address, the discovered event source types are displayed in the Parser Mappings window.

If advanced Log Decoder configurations are discovered, a message similar to the one below displays in the Manage Parser Mappings dialog.

Note: If you want to edit the advanced configuration, you need to navigate to the Log Decoder service's parser mappings configuration.

Message is displayed in Manage Parser Mappings dialog when Advanced Configuration is discovered.
