Dear Valued RSA Customer,
RSA, a Dell Technologies business, is pleased to announce the general availability of RSA NetWitness® Log Parser Tool v1.0. Leveraging unique and robust parsing technology, RSA NetWitness Log Parser Tool provides an easy and convenient way to create, edit and deploy custom Log Parsers on the RSA NetWitness Log Decoder.
RSA NetWitness Log Parser Tool (NwLPT):
The RSA NetWitness Log Parser Tool (NwLPT) is a standalone graphical tool that enables users to create and/or modify event source parser definitions for the RSA NetWitness Log Decoder. Here are some of the scenarios where this tool can be helpful:
- User wants to create a parser for a custom application or other niche event sources to be integrated with RSA NetWitness Logs
- User wants to improve or modify existing parsers to work differently for their environment or to serve specific use-cases
- User wants to validate Logs against specific parsers without connecting with RSA NetWitness platform
- User wants to deploy custom parsers across their RSA NetWitness environment
Release Notes: RSA NetWitness Log Parser Tool v1.0 Release Notes
User Guide: RSA NetWitness Log Parser Tool v1.0 User Guide
Download: RSA NetWitness Log Parser Tool v1.0 Downloads (For Mac and Windows Platforms)
Free On-Demand Learning Course: RSA NetWitness Log Parser Tool
- Workflow to Create Headers and Messages
- Cloning of Headers and Messages
- Validation Checks for Headers and Messages
- Advanced Search and Filter on Parsers/Logs
- Continous-Parse and On-Demand Parse Modes
- Deploy Parsers on Log Decoder directly from the tool
- Generate Parsing Summary
- Auto Splitting of Large Log Files
- Direct Link to RSA NetWitness Parser Community on GitHub and Help Documents
- Parser can be Exported as a Live Resource for simultaneous deployment to multiple decoders
- Loading Latest Table-Map/Table-Map-Custom Through the Interface
- Special support for structured logs via Advanced Tagval Functionality
- Periodic Automatic Saving of Parsers
- Graceful Error Handling throughout the tool
The RSA NetWitness product team is committed to continuing to improve the user experience for Logs and Parsers. Thank you to all the customers and individuals who provided feedback during the development phases. We look forward to your continued feedback.
RSA NetWitness Log Parser Community:
A repository to share and contribute event source log parsers for the RSA NetWitness Suite. A new event source log parser that is not currently supported by RSA NetWitness Logs can be developed using the RSA NetWitness Log Parser Tool and shared with the RSA NetWitness Log Parser Community. An existing event source log parser can also be modified to support new message types and patterns and shared with the RSA NetWitness Log Parser Community.
GitHub members can contribute to the repository by adding/editing an event source parser by raising a Pull Request and it'll be reviewed by our engineers for correctness and design, and upon approval, it will be available in the community for free.
All RSA Developed Log Parsers are now Open Sourced under the Apache License 2.0 and available on Github. RSA will continue to actively update these parsers and will also review update contributions from the community.
For additional documentation, downloads, and more visit the RSA NetWitness Suite page on RSA Link.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.