Is it possible to write the timestamp from a Header - to a field in a table?
I have a message that looks like this...
Nov 12 14:00:35 10.1.1.100 EvenTop_32_PassAuth 10lb03tbz Authentication OK
So, in my devicemsg.xml I have...
content="<month> <day> <time> <host> EvenTop_<msgnum>_<messageid> <field1> <!payload>" />
I'd like to write the date and time (in the format 'Nov 12 14:00:35' to a field in a table, is this possible?
- Community Thread
- Forum Thread
- RSA enVision
I would suggest you to try using this sentence in youu content field:
The point here is using the function "EVNTTIME".
Please let me know if it helps,
Thank you for your advice.
I wanted to pass the device timestamp to a table field so that I could use it in reports. However, I think I was going about this the wrong way, so instead what I did was...
Include a 'devts=' in my header element and then ticked the 'Use Device Timestamp' for the monitored device. Now my events are logged using the device timestamp and therefore appear in the correct order.
Although I was working with a syslog device, I suspect this method becomes very useful when dealing with periodic event collection (for example using the File Reader Service to collect every 5 minutes). Using 'devts=' in your XML would mean reports showing when events actually happened not simply when they were collected.