Manage Parser Mappings

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Oct 11, 2017
Version 6Show Document
  • View in full screen mode
 

The Manage Parser Mappings dialog allows you to map the appropriate parsers for selected Event Source addresses. From the Details view, select the Map button. The Manage Parser Mappings dialog displays.

Workflow

These are the required configuration steps for a new Decoder or Log Decoder, along with tasks for viewing, acknowledging, and mapping event source types.

What do you want to do?

                  
RoleI want to...Documentation
Administrator

Map parsers for selected Event Source addresses.

Details View

Quick Look

To access the Manage Parser Mappings dialog:

  • From the Details view, select the Map button.

The Manage Parser Mappings dialog displays.

This is an example of the Manage Parser Mappings dialog.

                     
1Displays all the available enabled parsers that you can map based on the event sources that you selected from the Discovery view.
2

Displays the mappings that are already present in the Log Decoders for the selected event source or the parsers that have been discovered.

To filter your available parsers, type the first few letters of the parser name that you want to map.
Click the Add to Mapping button to add the parser to the parser mappings listed in the right panel.

3

Displays the order of the selected parser mappings.

You can rearrange the order of the parser mappings using the up Upand down Downarrow keys.
You can delete parser mappings by selecting the minus sign  (The delete icon).
Press the Ctrl key to select multiple mappings to perform group operations on them.

4

Click Save to save your mappings to all the Log Decoders. A pop-up message informs you that your mappings are successfully saved. When the window is closed, the banner on the Details tab is updated to reflect the status. If mapped, the text displayed is Mapped.
Click Cancel to return to the Details tab.

Advanced Configuration with LCID

When an LCID exists, the event source ignores its presence. Any entry or sub-entry mapping configurations with LCIDs are not displayed in the Parser Mappings window. If the mapping is saved, it is saved for the corresponding IP address, not for the corresponding LCID entry. If no mappings are found for the IP address, the discovered event source types are displayed in the Parser Mappings window.

If there is a problem obtaining parser mappings from your Log Decoder when an advanced configuration is discovered, an error message similar to the one shown below displays in the Manage Parser Mappings dialog.

This is an example of the Manage Parser Mappings dialog with an error message.

You are here
Table of Contents > Manage Parser Mappings

Attachments

    Outcomes