Decoder: Flex Parser

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Aug 26, 2019
Version 13Show Document
  • View in full screen mode

One of the files available for editing in the Services Config view > Files tab is NwFlex.xml, the Flex parser.


There are two kinds of Flex parsers:

  • Service identification based solely on port. These are parsers that use only the source or destination ports to identify the session application type (service). These are the most basic and easiest to define.
  • Service identification based on a found token(s). These parsers use tokens to identify the service type. This is also an easy way to expand which service types are identified. These are important when identifying non‐internet standard applications. These parsers require that the protocol has a definable token that can uniquely identify the service type.

Five common parser operations are: 

  • Match Port and Identify Immediately
  • Match Port and Delay Identification
  • Match Token and Identify Immediately
  • Match Multiple Tokens
  • Match Token and Create Metadata 

Detailed language information and samples are provided in this topic. This topic describes the XML schema used to define a FlexParse file. The SML node, attribute, and values referenced in descriptive text are bold. The root node of every file must be the parsers node. Under that node there can be any number of parser nodes. Each parser node defines a single parser. A parser node can have an optional declaration node and any number of match nodes.



Previous Topic:Feed Definitions File
You are here
Table of Contents > Feed and Parser References > Flex Parser