This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
pranavsankar1
Beginner
Beginner
‎2016-04-20 01:53 AM

SA Log Parser Creation

Jump to solution

Hi Folks,

 

Is anyone can help me out how the xml log parsing works in SA? I would like to learn and understand  how xml works in SA - creation,modification of parsers. I have checked in sadocs but couldnt help me.

 

It could be appreciable if any one sent me any links regarding xml log parsing.

 

Regards

Pranav Sankar

Reply
1 Solution

Accepted Solutions
DaveGlover
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2016-05-02 11:56 AM

Jump to solution

I just created a new video on using the new ESI tool.  Check it out

 

RSA ESI 106 - YouTube

View solution in original post

Reply
28 Replies
MohdSaadKhan
Contributor
Contributor
‎2016-04-20 03:15 AM

Jump to solution

Visit here for parser regarding info.

Parsers Book

Reply
DavidWaugh1
Employee
Employee
‎2016-04-20 03:53 AM

Jump to solution

Also take a look at this thread.

 

Custom Parsers

Reply
pranavsankar1
Beginner
Beginner
‎2016-04-21 03:41 AM

Jump to solution

Can anyone explain how we will write XML parsers?

 

For example when i worked for Arcsight Flex Parser first ill go with analyzing events,Regex Creation,Tokens,Patterns Concepts and finally deployment likewise how we will write XML parser here?

when i checked in above docs i couldnt find xml parsing concept.My queries are:

1.After analyzing raw events how we will make them to Header and message part in XML

2.Mapping concepts.

 

Hope this could clear and im eagerly waiting for your valuable comments.

0 Likes
Reply
DavidWaugh1
Employee
Employee
In response to pranavsankar1
‎2016-04-21 03:58 AM

Jump to solution

Hi Pranav if you post a few sample log messages here (make sure any sensitive data is anonymised) I'll do an example here.

0 Likes
Reply
pranavsankar1
Beginner
Beginner
In response to DavidWaugh1
‎2016-04-21 04:13 AM

Jump to solution

Dave its not possible with my customer view point we are not supposed to share any single point of logs.

0 Likes
Reply
DavidWaugh1
Employee
Employee
In response to pranavsankar1
‎2016-04-21 04:15 AM

Jump to solution

Oh dear. Then the best course of action is to sign up for the course that I outlined in Custom Parsers .

 

There are also some online learning course on the Event Source Integration Tool.

 

The course code is:

RSA-ENVESI

 

This is a free e-learning course you just need to register.

 

https://edu.corp.emc.com/search/widgets_template1.aspx

RSA Event Source Integrator_2016-04-14_08-58-34.png

 

If you have any problems accessing to content then Education Service can assist. You can contact them at

http://emc.force.com/EducationSupport

0 Likes
Reply
pranavsankar1
Beginner
Beginner
In response to DavidWaugh1
‎2016-04-21 04:18 AM

Jump to solution

thats pretty cool stuff david ..First ill go through this courses.

0 Likes
Reply
DaveGlover
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2016-04-21 10:40 AM

Jump to solution

If you are interested I have a video that I did on walking through a sample log file and I could email you the link for it if you would like

Reply
MohdSaadKhan
Contributor
Contributor
‎2016-04-21 01:12 PM

Jump to solution

Hi Dave,

Can you share the video link with me.

0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.