on Jul 10, 2018Dear Valued RSA Customer,
RSA, a Dell Technologies business, is pleased to announce the general availability of RSA NetWitness® Log Parser Tool v1.1. The RSA NetWitness Log Parser Tool provides an easy and convenient way to create, edit and deploy custom Log Parsers on the RSA NetWitness Log Decoder.
RSA NetWitness Log Parser Tool (NWLPT):
The RSA NetWitness Log Parser Tool (NWLPT) is a standalone graphical tool that enables users to create and/or modify event source parser definitions that can facilitate RSA NetWitness Log Decoder to parse out log events into normalized meta keys. Here are some of the scenarios where this tool can be helpful:
- To easily create a parser for custom applications or niche event sources
- To improve or modify existing parsers for a particular environment or specific use-cases
- To validate Logs against specific parsers without connecting with the RSA NetWitness platform
- To deploy custom parsers across an RSA NetWitness environment
Release Notes: RSA NetWitness Log Parser Tool v1.1 Release Notes
User Guide: Log Parser Tool v1.1 User Guide
Download: RSA NetWitness Log Parser Tool v1.1 Downloads (For Mac and Windows Platforms)
Free On-Demand Learning Course: RSA NetWitness Log Parser Tool
Feature Highlights in v1.1:
- Create custom versions of existing Log Parsers - https://community.rsa.com/docs/DOC-83425
- Visually Differentiate custom changes made to a Log Parser
- Add/Edit/Delete ValueMaps
- TAB Delimiter is now allowed under TagValMap Functionality
- Direct Link to the RSA NetWitness Unified Data Model - RSA NetWitness Unified Data Model
- Compatibility with latest versions of RSA NetWitness Log Decoder
- Several Stability fixes
Feature Highlights in v1.0:
- Workflow to Create Headers and Messages
- Cloning of Headers and Messages
- Validation Checks for Headers and Messages
- Advanced Search and Filter on Parsers/Logs
- Continuous-Parse and On-Demand Parse Modes
- Deploy Parsers on Log Decoder directly from the tool
- Auto Splitting of Large Log Files
- Direct Link to RSA NetWitness Parser Community on GitHub and Help Documents
- Parser can be Exported as a Live Resource for simultaneous deployment to multiple decoders
- Loading Latest Table-Map/Table-Map-Custom Through the Interface
- Periodic Automatic Saving of Parsers
The RSA NetWitness product team is committed to continuing to improve the user experience for NetWitness Logs. Thank you to all the customers and individuals who provided feedback during the development phases. We look forward to your continued collaboration.
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.