RSA, a Dell Technologies business, announces the release of RSA® NetWitness Log Parser Tool v1.0 and the RSA® NetWitness Log Parser Community

Document created by RSA Product Team Employee on Dec 5, 2017. Last modified by RSA Product Team Employee on Dec 5, 2017. Version 2.

Dear Valued RSA Customer,


RSA, a Dell Technologies business, is pleased to announce the general availability of RSA NetWitness® Log Parser Tool v1.0. Leveraging unique and robust parsing technology, RSA NetWitness Log Parser Tool provides an easy and convenient way to create, edit and deploy custom Log Parsers on the RSA NetWitness Log Decoder.


RSA NetWitness Log Parser Tool (NwLPT):

The RSA NetWitness Log Parser Tool (NwLPT) is a standalone graphical tool that enables users to create and/or modify event source parser definitions for the RSA NetWitness Log Decoder. Here are some of the scenarios where this tool can be helpful:


  • User wants to create a parser for a custom application or other niche event sources to be integrated with RSA NetWitness Logs
  • User wants to improve or modify existing parsers to work differently for their environment or to serve specific use-cases
  • User wants to validate Logs against specific parsers without connecting to the RSA NetWitness platform
  • User wants to deploy custom parsers across their RSA NetWitness environment



Release Notes: RSA NetWitness Log Parser Tool v1.1 Release Notes 


User Guide: Log Parser Tool v1.1 User Guide  


Download: RSA NetWitness Log Parser Tool v1.1 Downloads  (For Mac and Windows Platforms)


Free On-Demand Learning Course:  RSA NetWitness Log Parser Tool 


Feature Highlights:

  • Workflow to Create Headers and Messages
  • Cloning of Headers and Messages
  • Validation Checks for Headers and Messages
  • Advanced Search and Filter on Parsers/Logs
  • Continuous-Parse and On-Demand Parse Modes
  • Deploy Parsers on Log Decoder directly from the tool
  • Generate Parsing Summary
  • Auto Splitting of Large Log Files
  • Direct Link to RSA NetWitness Parser Community on GitHub and Help Documents
  • Parser can be Exported as a Live Resource for simultaneous deployment to multiple decoders
  • Loading Latest Table-Map/Table-Map-Custom Through the Interface
  • Special support for structured logs via Advanced Tagval Functionality
  • Periodic Automatic Saving of Parsers
  • Graceful Error Handling throughout the tool


The RSA NetWitness product team is committed to continuing to improve the user experience for Logs and Parsers.  Thank you to all the customers and individuals who provided feedback during the development phases.  We look forward to your continued feedback.


RSA NetWitness Log Parser Community:

A repository to share and contribute event source log parsers for the RSA NetWitness Suite. A new event source log parser that is not currently supported by RSA NetWitness Logs can be developed using the RSA NetWitness Log Parser Tool and shared with the RSA NetWitness Log Parser Community. An existing event source log parser can also be modified to support new message types and patterns and shared with the RSA NetWitness Log Parser Community. 


GitHub members can contribute to the repository by adding or editing an event source parser through a Pull Request. Our engineers review it for correctness and design, and upon approval it becomes available in the community for free.


All RSA Developed Log Parsers are now Open Sourced under the Apache License 2.0 and available on GitHub. RSA will continue to actively update these parsers and will also review update contributions from the community.

Link: GitHub - netwitness/nw-logparsers: Netwitness Log Parsers  



For additional documentation, downloads, and more visit the RSA NetWitness Platform page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
